25.11.29.Today News : Coupang Data Breach Exposes 33.7 Million Accounts… Key Figure Identified as Former Employee from China

Coupang Data Breach Exposes 33.7 Million Accounts… Key Figure Identified as Former Employee from China

📍Initial estimate of 4,500 cases jumps to 33.7 million; primary suspect fled to China shortly after the incident

The massive data breach at Coupang has been traced to a former employee of Chinese nationality. With 33.7 million user accounts affected, authorities now face significant challenges as the key figure left South Korea for China immediately after the incident.

Coupang has suffered its largest-ever personal information leak, causing consumers to feel uneasy.

---

🔹 Data exposure increases from 4,500 to 33.7 million accounts
Coupang announced on the 29th that a total of 33.7 million customer accounts were confirmed to have been exposed during a recent data breach. This figure is roughly 7,500 times higher than the initial estimate of 4,500 cases reported when the company first detected the incident on the 18th.

The leaked data includes customer names, email addresses, saved delivery address information (recipient names, phone numbers, addresses), and some order details. Coupang emphasized that payment information, credit card numbers, and login credentials were not compromised.

According to a report submitted to the Korea Internet & Security Agency (KISA), unauthorized access via overseas servers began on June 24 at 6:38 p.m., but the company did not detect it until the night of the 18th.

🔹 Main suspect is a former employee of Chinese nationality
Investigations revealed that the individual primarily responsible for the exposure is a former Coupang employee of Chinese nationality. The individual reportedly left South Korea and returned to China immediately after the breach occurred and is no longer employed by the company.

Although Coupang stated it “cannot confirm” details regarding the employee’s nationality or whereabouts, multiple sources indicate the former staff member is a critical figure in the incident, raising concerns about the feasibility of the investigation.

🔹 Prolonged unauthorized access from overseas servers
Coupang explained that the incident involved “prolonged unauthorized access through overseas servers beginning June 24.” The company said it has blocked the access path, enhanced monitoring, and brought in external cybersecurity experts to strengthen its response.

Coupang also stated it is cooperating with the National Police Agency, KISA, and the Personal Information Protection Commission.

🔹 Scale of breach suggests exposure of nearly all Coupang users
Although Coupang has never officially disclosed its total membership count, industry analysts suspect that the 33.7 million exposed accounts likely correspond to its entire customer base. Coupang’s recently reported “active customers” for Q3 numbered 24.7 million, and including inactive accounts could easily bring the total to the level of the exposed dataset.

🔹 Customer guidance: No action required, but beware of phishing
Coupang stated that customers do not need to take additional action because sensitive financial or login data was not leaked. However, the company urged users to remain cautious against phishing attempts impersonating Coupang via calls or messages.

🔹 Investigation expected to face difficulties
Police authorities are considering possible approaches to investigate the former employee now located overseas. With the primary suspect residing in China, securing testimony or cooperation may be difficult, heightening concerns that uncovering the full truth will take considerable time.

One-line summary : The key figure behind Coupang’s 33.7 million account data breach has been identified as a former employee from China, raising concerns about investigation delays due to his overseas stay.